718407701cd364ffe71d52012a70794a138351a85d0d098abc6643ce89b579de

Sharing

Copy URL

Twitter E-mail

General

Target

718407701cd364ffe71d52012a70794a138351a85d0d098abc6643ce89b579de
Size

1.1MB
MD5

80b1aa179e1da3b60be11f0ecbd5cfee
SHA1

86fcabf2a5a991d2b673c4d2c544b357b34834d1
SHA256

718407701cd364ffe71d52012a70794a138351a85d0d098abc6643ce89b579de
SHA512

2b738691277782bea0b2fd9a166ecf1725f621f2ea11ece0d15e24f1d15ec8d0b37c229f23b243c7449337fe7572a764e3630c2d9ede2556881cc88da32431a1
SSDEEP

24576:Tj8bZKikoOSmN6p/v2xtSiIOxSF+f6XIt2x/B+HWYqJ:sDk6mYRHMf6XL2qJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
718407701cd364ffe71d52012a70794a138351a85d0d098abc6643ce89b579de

Files

718407701cd364ffe71d52012a70794a138351a85d0d098abc6643ce89b579de
.dll regsvr32 windows:5 windows x86 arch:x86

4625b20b5d390f88bfe2ecd05fc1808d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryW
FreeLibrary
DuplicateHandle
EnterCriticalSection
LeaveCriticalSection
SetEvent
CreateEventW
WaitForMultipleObjects
GetTickCount
CreateFileW
GetTempPathW
GetFileAttributesW
GetFileAttributesA
TerminateProcess
lstrcpynW
CreateDirectoryW
WTSGetActiveConsoleSessionId
VirtualAlloc
VirtualFree
VirtualProtect
IsBadReadPtr
SetLastError
LoadLibraryA
WriteFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetLocalTime
GetCurrentThreadId
FindClose
VerSetConditionMask
SleepEx
VerifyVersionInfoW
InitializeCriticalSection
PeekNamedPipe
ReadFile
GetStdHandle
GetFileType
ExpandEnvironmentStringsA
FormatMessageA
ResetEvent
IsDebuggerPresent
OutputDebugStringW
ReadConsoleInputA
FindFirstFileA
GetCurrentProcessId
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcess
FlushConsoleInputBuffer
GetModuleHandleW
GetProcAddress
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MultiByteToWideChar
lstrcatW
GetComputerNameW
CloseHandle
WaitForSingleObject
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
DecodePointer
HeapSize
GetLastError
InterlockedExchange
RaiseException
GetModuleFileNameW
HeapDestroy
Sleep
InitializeCriticalSectionAndSpinCount
GetProcessHeap
InterlockedCompareExchange
HeapFree
GlobalMemoryStatus
GetModuleHandleA
LocalFree
SetEnvironmentVariableA
GetCurrentDirectoryW
SetConsoleMode
WriteConsoleW
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FindFirstFileExW
SetStdHandle
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
ReadConsoleW
GetConsoleMode
SetConsoleCtrlHandler
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
HeapAlloc
GetSystemDirectoryW
HeapReAlloc
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
RtlUnwind
FileTimeToSystemTime
GetFileInformationByHandle
FileTimeToLocalFileTime
SetFilePointerEx
GetFullPathNameW
IsProcessorFeaturePresent
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetCommandLineA
AreFileApisANSI
GetModuleHandleExW
ExitProcess
LoadLibraryExW
ExitThread
CreateThread
GetStringTypeW
EncodePointer

user32

GetUserObjectInformationW
DefWindowProcW
GetProcessWindowStation
PostMessageW
PeekMessageW
TranslateMessage
DispatchMessageW
CreateWindowExW
SetWindowLongW
GetMessageW
MessageBoxA
GetWindowLongW
DestroyWindow
wsprintfW

advapi32

RegisterEventSourceA
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
RevertToSelf
ImpersonateLoggedOnUser
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
DeregisterEventSource
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetUserNameW
RegDeleteKeyW
ReportEventA

ole32

IIDFromString
CoInitializeEx
CoCreateGuid
CoCreateInstance
CoInitializeSecurity
CoTaskMemFree
StringFromIID
CoUninitialize

shell32

SHGetSpecialFolderPathW

oleaut32

SysFreeString
VariantClear
VariantInit
SysAllocString

shlwapi

StrCmpNIW
PathAppendW
PathAddBackslashW

iphlpapi

GetIpForwardTable
GetAdaptersInfo

wtsapi32

WTSQueryUserToken

ws2_32

select
send
sendto
__WSAFDIsSet
accept
listen
ioctlsocket
freeaddrinfo
getpeername
WSAIoctl
connect
WSAGetLastError
htons
ntohs
getsockname
setsockopt
recv
getaddrinfo
bind
socket
WSASetLastError
closesocket
getsockopt
WSACleanup
recvfrom
gethostname
WSAStartup

wldap32

ord26
ord79
ord216
ord14
ord41
ord127
ord145
ord208
ord167
ord147
ord27
ord301
ord46
ord142
ord133
ord118

Exports

Exports

CallTaskFun
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 873KB - Virtual size: 872KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 223KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4625b20b5d390f88bfe2ecd05fc1808d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

iphlpapi

wtsapi32

ws2_32

wldap32

Exports

Exports

Sections

.text Size: 873KB - Virtual size: 872KB

.rdata Size: 223KB - Virtual size: 222KB

.data Size: 11KB - Virtual size: 27KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 39KB - Virtual size: 39KB

.text
Size: 873KB - Virtual size: 872KB

.rdata
Size: 223KB - Virtual size: 222KB

.data
Size: 11KB - Virtual size: 27KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 39KB - Virtual size: 39KB